How we handle your data.
This policy explains what data Nevidio OÜ (trading as "IskraVPN", "we", "us") processes when you use our VPN service and app, order a subscription on this website, and contact support, and what your rights are.
The Russian version is the primary version. This English version is a convenience translation; in case of discrepancy, the Russian text prevails.
01 Who we are
The data controller is Nevidio OÜ, a private limited company incorporated in Estonia (details in the Public Offer).
For privacy questions and data requests, contact privacy@nevid.io. For general support, message @iskravpn_app_bot on Telegram.
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or with the supervisory authority in your country of residence.
02 What we collect
We designed IskraVPN to know as little about you as possible.
Account
A randomly generated account identifier and your subscription status (free or premium, expiry date). To use the app, we do not require your name, email, or phone number.
Order and email
When you order a subscription on the website we collect an email address — to send the receipt and activation code and to contact you about the order. Providing an email is voluntary, but without it we cannot process the order or issue the activation code.
Payments
Subscription payments are processed by a third-party payment provider (see Section 4). We receive only a payment reference and confirmation of payment, which we link to your order to activate your subscription. We do not receive or store your card number, bank account details, or SBP credentials.
Connection records
For operational reasons (capacity planning, abuse prevention, debugging), we record aggregate connection events: timestamps, the protocol and exit location used, and the volume of data transferred.
Operational signals
The app sends anonymized signals about network conditions and app stability — latency, error rates, crash reports. These are aggregate, cannot be tied to a specific user, and are a necessary part of how the Service works. They are not used for behavioural analysis, marketing, or sales.
Support communications
If you contact us via the Telegram bot or by email, we receive the content of your message and your Telegram username or email address. We retain support conversations for as long as needed to resolve your issue and for a reasonable follow-up period.
Website
The website does not use analytics, advertising trackers, or cookies that identify visitors. Our hosting provider processes technical request metadata, including IP addresses, for security and abuse prevention.
03 Why we process this data
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to provide the Service, manage your subscription, and process payments.
- Legitimate interest (Art. 6(1)(f)) — to keep the Service secure and operational, prevent abuse, debug issues, and combat fraud.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable law, including accounting records for payments.
04 Who we share data with
We share the minimum necessary data with:
- The payment provider ([PAYMENT_PROCESSOR]) — to process subscription payments. They receive payment details directly from you, not from us.
- Hosting and infrastructure providers — to run the website and the VPN servers in the countries where we operate exit nodes.
- Google Play and Apple App Store — when you install the app from the official stores.
- Telegram — when you interact with our bot or channel.
- Regulators, law enforcement, and courts — only when required by a valid legal process.
We do not sell your data. We do not share it for advertising.
05 How long we keep it
- Account and subscription data: while your account is active, plus 30 days after the last active subscription expires.
- Order and payment records (including email and receipts): seven years, as required by accounting law.
- Anonymous connection records: up to 30 days, then deleted or aggregated.
- Support communications: up to 12 months after the issue is resolved.
- Operational signals (including crash reports): up to 90 days.
06 International transfers
The Service operates exit nodes in multiple countries by design. We work with providers in countries that either offer an adequate level of data protection under EU law or are bound by Standard Contractual Clauses approved by the European Commission.
07 Your rights
Under the GDPR, you have the right to access your data, rectify it, erase it, restrict or object to processing, obtain portability, withdraw consent, and lodge a complaint with a supervisory authority.
Because we identify you only by an opaque account identifier or your order email, we may need one of them to act on a request. Write to privacy@nevid.io — we respond within 30 days.
08 Children
The Service is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have, contact privacy@nevid.io and we will delete it.
09 Changes
We may update this policy. The current version is always available on this website. Material changes will be announced on the website and in the app.